RubyGems - rodauth - Versions diffs - 2.38.0 → 2.39.0 - Mend

rodauth 2.38.0 → 2.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/lib/rodauth/features/base.rb +36 -0
data/lib/rodauth/features/http_basic_auth.rb +1 -1
data/lib/rodauth/features/json.rb +2 -2
data/lib/rodauth/features/jwt.rb +2 -2
data/lib/rodauth/features/jwt_cors.rb +5 -5
data/lib/rodauth/features/login.rb +2 -1
data/lib/rodauth/features/webauthn.rb +21 -9
data/lib/rodauth/features/webauthn_autofill.rb +1 -1
data/lib/rodauth/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f79db7dec7147665538bf0b4f8e0c6c554d88396b294f19e5a5ed26543c31d1c
-  data.tar.gz: ea377861679a55895bc325b1cf3932970b0de9c773615ba2daecb5805704ae02
+  metadata.gz: 3b8c2b404f5a8fad1607ba2bfd64ec4e03579a909ea324a0c9cda7705d9e79f7
+  data.tar.gz: bb2e8dcf2c4afa1d855379b69845c6d5efff8e097b5e95b38a11948c8d381d5d
 SHA512:
-  metadata.gz: 8e13b4dc188867866ee0eda53765091bb48f583d65957e488737b612bde4cf4ae9caa18edd2d88b3c609a7a3e25a51eec42fc5aa25e4083ea51c283310a36cb9
-  data.tar.gz: d50e275056bf3196a025e1933ab97ecd88d784c80ec97412cf046bb9718f558da4b321f7fbf52ba09d3554059157ef67f3f407625fd65c237fd2334e170066a7
+  metadata.gz: 4316cb199e760aaa144e7c1b154f974f514abdea83b5a18d4f85dd01ff64a9d8c030fd028cee8c27c00d3402a951571b3ae1379ca7ef8653c991df47035ef5c7
+  data.tar.gz: 0f1fa083577edf23a8db579ab5df5c9ef0d6087c97a7d2cea2c1ef7071049e495d3f374f5657194db4d6feef2252bb708f85af3a1a66e7f116185406db488984

data/lib/rodauth/features/base.rb CHANGED Viewed

@@ -563,6 +563,42 @@ module Rodauth
       s
     end
+    if Rack.release >= '3'
+      def set_response_header(key, value)
+        response.headers[key] = value
+      end
+      def convert_response_header_key(key)
+        key
+      end
+    # :nocov:
+    else
+      def set_response_header(key, value)
+        response.headers[convert_response_header_key(key)] = value
+      end
+      # Attempt backwards compatibility on Rack < 3 by changing
+      # known cases from lower case to mixed case.
+      mixed_case_headers = {}
+      (<<-END).split.each { |k| mixed_case_headers[k.downcase.freeze] = k.freeze }
+        Access-Control-Allow-Headers
+        Access-Control-Allow-Methods
+        Access-Control-Allow-Origin
+        Access-Control-Expose-Headers
+        Access-Control-Max-Age
+        Allow
+        Authorization
+        Content-Type
+        Content-Length
+        WWW-Authenticate
+      END
+      mixed_case_headers.freeze
+      define_method(:convert_response_header_key) do |key|
+        mixed_case_headers.fetch(key, key)
+      end
+    end
+    # :nocov:
     if RUBY_VERSION >= '2.1'
       def button_fixed_locals
         '(value:, opts:)'

data/lib/rodauth/features/http_basic_auth.rb CHANGED Viewed

@@ -73,7 +73,7 @@ module Rodauth
     def set_http_basic_auth_error_response
       response.status = 401
-      response.headers["WWW-Authenticate"] = "Basic realm=\"#{http_basic_auth_realm}\""
+      set_response_header("www-authenticate", "Basic realm=\"#{http_basic_auth_realm}\"")
     end
     def throw_basic_auth_error(*args)

data/lib/rodauth/features/json.rb CHANGED Viewed

@@ -186,7 +186,7 @@ module Rodauth
         unless request.post?
           response.status = 405
-          response.headers['Allow'] = 'POST'
+          set_response_header('allow', 'POST')
           json_response[json_response_error_key] = json_non_post_error_message
           return_json_response
         end
@@ -209,7 +209,7 @@ module Rodauth
     def _return_json_response
       response.status ||= json_response_error_status if json_response_error?
-      response['Content-Type'] ||= json_response_content_type
+      response.headers[convert_response_header_key('content-type')] ||= json_response_content_type
       return_response _json_response_body(json_response)
     end

data/lib/rodauth/features/jwt.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module Rodauth
         if session_data
           if jwt_symbolize_deeply?
-            s = JSON.parse(JSON.fast_generate(session_data), :symbolize_names=>true)
+            s = JSON.parse(JSON.generate(session_data), :symbolize_names=>true)
           elsif scope.opts[:sessions_convert_symbols]
             s = session_data
           else
@@ -84,7 +84,7 @@ module Rodauth
     end
     def set_jwt_token(token)
-      response.headers['Authorization'] = token
+      set_response_header('authorization', token)
     end
     def use_jwt?

data/lib/rodauth/features/jwt_cors.rb CHANGED Viewed

@@ -33,18 +33,18 @@ module Rodauth
     def before_rodauth
       if jwt_cors_allow?
-        response['Access-Control-Allow-Origin'] = request.env['HTTP_ORIGIN']
+        set_response_header('access-control-allow-origin', request.env['HTTP_ORIGIN'])
         # Handle CORS preflight request
         if request.request_method == 'OPTIONS'
-          response['Access-Control-Allow-Methods'] = jwt_cors_allow_methods
-          response['Access-Control-Allow-Headers'] = jwt_cors_allow_headers
-          response['Access-Control-Max-Age'] = jwt_cors_max_age.to_s
+          set_response_header('access-control-allow-methods', jwt_cors_allow_methods)
+          set_response_header('access-control-allow-headers', jwt_cors_allow_headers)
+          set_response_header('access-control-max-age', jwt_cors_max_age.to_s)
           response.status = 204
           return_response
         end
-        response['Access-Control-Expose-Headers'] = jwt_cors_expose_headers
+        set_response_header('access-control-expose-headers', jwt_cors_expose_headers)
       end
       super

data/lib/rodauth/features/login.rb CHANGED Viewed

@@ -15,6 +15,7 @@ module Rodauth
     auth_value_method :login_error_status, 401
     translatable_method :login_form_footer_links_heading, '<h2 class="rodauth-login-form-footer-links-heading">Other Options</h2>'
     auth_value_method :login_return_to_requested_location?, false
+    auth_value_method :login_return_to_requested_location_max_path_size, 2048
     auth_value_method :use_multi_phase_login?, false
     session_key :login_redirect_session_key, :login_redirect
@@ -95,7 +96,7 @@ module Rodauth
     end
     def login_required
-      if login_return_to_requested_location? && (path = login_return_to_requested_location_path)
+      if login_return_to_requested_location? && (path = login_return_to_requested_location_path) && path.bytesize <= login_return_to_requested_location_max_path_size
         set_session_value(login_redirect_session_key, path)
       end
       super

data/lib/rodauth/features/webauthn.rb CHANGED Viewed

@@ -123,7 +123,7 @@ module Rodauth
     route(:webauthn_auth_js) do |r|
       before_webauthn_auth_js_route
       r.get do
-        response['Content-Type'] = 'text/javascript'
+        set_response_header('content-type', 'text/javascript')
         webauthn_auth_js
       end
     end
@@ -158,7 +158,7 @@ module Rodauth
     route(:webauthn_setup_js) do |r|
       before_webauthn_setup_js_route
       r.get do
-        response['Content-Type'] = 'text/javascript'
+        set_response_header('content-type', 'text/javascript')
         webauthn_setup_js
       end
     end
@@ -410,13 +410,25 @@ module Rodauth
     private
     if WebAuthn::VERSION >= '3'
-      def webauthn_relying_party
-        # No need to memoize, only called once per request
-        WebAuthn::RelyingParty.new(
-          origin: webauthn_origin,
-          id: webauthn_rp_id,
-          name: webauthn_rp_name,
-        )
+      if WebAuthn::RelyingParty.instance_method(:initialize).parameters.include?([:key, :allowed_origins])
+        def webauthn_relying_party
+          # No need to memoize, only called once per request
+          WebAuthn::RelyingParty.new(
+            allowed_origins: [webauthn_origin],
+            id: webauthn_rp_id,
+            name: webauthn_rp_name,
+          )
+        end
+      # :nocov:
+      else
+        def webauthn_relying_party
+          WebAuthn::RelyingParty.new(
+            origin: webauthn_origin,
+            id: webauthn_rp_id,
+            name: webauthn_rp_name,
+          )
+        end
+      # :nocov:
       end
       def webauthn_create_relying_party_opts

data/lib/rodauth/features/webauthn_autofill.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Rodauth
     route(:webauthn_autofill_js) do |r|
       before_webauthn_autofill_js_route
       r.get do
-        response['Content-Type'] = 'text/javascript'
+        set_response_header('content-type', 'text/javascript')
         webauthn_autofill_js
       end
     end

data/lib/rodauth/version.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 38
+  MINOR = 39
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.38.0
+  version: 2.39.0
 platform: ruby
 authors:
 - Jeremy Evans
 bindir: bin
 cert_chain: []
-date: 2025-01-15 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -402,7 +402,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications
 test_files: []